White House Urged To Address Surge in Ransomware Attacks

Cybersecurity experts, law enforcement agencies and governments urged the White House to root out safe havens for criminals engaging in ransomware and step up regulation of cryptocurrencies, the lifeblood of hackers, in the hopes of controlling a growing wave of attacks. From a report: These are two of 48 recommendations made by a task force in a report Thursday to the Biden administration aimed at fighting the continuing ransomware episodes that plague major corporations, local governments and health-care providers across the world. The task force, organized by the Institute for Security and Technology, said the cyber-attacks have become a $350 million criminal industry -- a four-fold increase from the previous year. Last week, the U.S. Justice Department created its own, independent ransomware task force, signaling growing awareness inside the U.S. government of the now decade-old threat. Ransomware is a type of malicious code that typically encrypts a victim's data or network of computers. The hackers then demand a ransom to decrypt the information. More recently, ransomware gangs have also stolen data and threatened to make it public unless the victim pays a fee.

Re:

[Anonymous Coward]

The Second Amendment states that the right to keep and bear arms shall not be infringed, and any restriction by type is an infringement.

Re:

[DarkRookie2]

Please read the 21st amendment. You can add one to negate a previous one.

Re:

[Anonymous Coward]

There has been no amendment ratified that negates the Second.

Re:

[jwhyche]

Please read Article Five.

The Congress, whenever two thirds of both houses shall deem it necessary, shall propose amendments to this Constitution, or, on the application of the legislatures of two thirds of the several states, shall call a convention for proposing amendments, which, in either case, shall be valid to all intents and purposes, as part of this Constitution, when ratified by the legislatures of three fourths of the several states, or by conventions in three fourths thereof, as the one or the

Re:

[DarkRookie2]

Oh, I didn't say it would happen, just needs to. I know my own state wouldn't back. It is filled with people proud to be stupid and old people that should've died already.
Nobody currently has an pro-gun argument that is better than the fact they are fun to shoot and customize. Home invasion? Baseball bat/quarter staff. Hunting? Bows, crossbows, and spears. Because other people have guns? Get rid of all the guns and you wouldn't have to worry about this.

Re:

[jwhyche]

Oh, I didn't say it would happen, just needs to. I know my own state wouldn't back. It is filled with people proud to be stupid and old people that should've died already.

No, it doesn't need to happen and the fact that you are chiming in with saying "people need to die" proves to me that you are one sick fuck. Please don't comment on anything I post any more.

Here is a couple of pro-gun arguments that are all you need to know. History says otherwise and protection during home invasion. There you go, those the best reasons for the 2nd amendment and trump any argument anyone has to get rid of it.

Re:

[DarkRookie2]

You learn from history. I will be making IEDs, Chemicals, and Propaganda if it ever came to civil war here.
I am not betting on winning against the US Military in a shootout when they have a clear goal in mind. They have a lot more than just guns.

Re:

[jwhyche]

I learned from your history that you are a sick fuck. Here is an idea for you. Take advantage of the greatest right all U.S. Citizens have and leave. There are plenty of countries out there that would fit your sick thoughts. Anyone who thinks people should die to make the world a better place; there are better place in the world for you.

Re:

[DarkRookie2]

Sure I will fucking leave once you give me the money to do so.

Re:

[DarkRookie2]

Good. Not needed anyways. Not like we could win against the US Military if they tried.

Re:

[DarkRookie2]

Yeah, but I would say that is more the government not having any fucking idea what the war was suppose to accomplish.

Re:

[inode_buddha]

I think they know very well what they are doing. Mainly, business for their buddies in the private sector. AKA "campaign donors".
Never mind that people actually *died* for this shit. The US has been spending something like 4 Bln per week over there since 9/11, meanwhile we can't even take care of our own, how come you never hear the "small government" types screaming about that?

Easy fix

[ArmoredDragon]

Make it illegal to pay the ransom. Watch how fast it stops. Even if the ransom is paid, there's zero guarantee that it won't get leaked anyways. Should have secured your data better.

Re:

[ArchieBunker]

I thought it was already illegal? But most of these ransomware gangs operate from Russia or other untouchable countries so how can you stop them?

Re:

[ArchieBunker]

Told you motherfuckers, https://krebsonsecurity.com/20... [krebsonsecurity.com]

Re: Easy fix

[ArmoredDragon]

Strictly speaking it's not illegal, it really depends on who the money goes to. The act of paying the ransom is never illegal, rather it's the fact that you paid money to somebody who is on a government shitlist, no matter what the reason.

Re:

[mysidia]

Not only is it not illegal, but for companies that get Insurance coverage to help pay costs to recover from cybersecurity incidents (The labor and materials to recover are expensive even if you have backups).. it seems the insurance companies will often set the reimbursement amount as the lesser of costs of the ransom and the estimated cost of rebuilding from backups.... In other words, if these businesses could recover their data by restoring from backups - It is possible that the insurance company w

Re:

[DarkOx]

Its only illegal if you are sending money to a group there are sanctions against. I forget the exact law "aiding Americas enemies act" or something along those lines.

Basically if the perps are not already on some state department naughty list you can pay - but there are also other rules now against the FBI helping facilitate payment. So if you decide to pay you are really on your own.

Then there is the public perception of it all. So what a lot of companies do is hire these 'recovery firms' to get the datab

Re:Easy fix

[140Mandak262Jamuna]

Yup, it worked great with Tax evasion. We made it illegal. And boom, every one pays taxes without fail, there is absolutely no tax evasion.

Re:

[shanen]

Your sig is referring to "Rajnikanth"? But I still don't get the output redirection?

Re:

[140Mandak262Jamuna]

If you replace Chuck Norris with Rajnikanth, in a Chuck Norris joke, it becomes a fact.

Re:

[shanen]

In that case, I suggest the sig could be clarified as:

sed -e 's/Chuck Norris/Rajnikanth/g' joke => fact

But you must be a fan. I'd never heard of him before.

Force software companies to secure their software

[xack]

That means either forcing upgrades from Windows 7 and below to Windows 10 or make ESUs free. Plus Force Android phone developers to update their OS.

Re: Force software companies to secure their softw

[Cmdln Daco]

Android phones get granular updates that go on for years. The Play Store pushes updates regularly for critical components of the android system. It is not an all-in-one major feature update like Apple pushes to the handful of hardware combinations they will support.

Re:

[Anonymous Coward]

“Look, having nuclear—my uncle was a great professor
and scientist and engineer, Dr. John Trump at MIT; good
genes, very good genes, OK, very smart, the Wharton
School of Finance, very good, very smart —you know, if
you’re a conservative Republican, if I were a liberal, if,
like, OK, if I ran as a liberal Democrat, they would say I’m
one of the smartest people anywhere in the world—it’s
true!—but when you’re a conservative Republican they
try—oh, do they d

Ban cryptocurrency

[Pinky's Brain]

Sanction all financial services which deal with cryptocurrency world wide. The US can do it for Iran, they can do it for cryptocurrency exchanges.

Problem solved.

cryptocurrency exchanges must hold funds like an b

[Joe_Dragon]

cryptocurrency exchanges must hold funds like an bank and follow banking laws.

Re:

[e3m4n]

as well as imposing taxation and trasaction fees. a ton of your cost of gasoline is a variety of taxes at every level of government. Or a better example, alcohol. At one time there was no sales tax on beer, spirits, and wine, because of the ridiculous amounts of tax already done before it hits the shelf. But then a bunch of non-drinking baptists started pissing and moaning thinking us sinners were not having to pay any tax on what clearly is a sin. So here is the breakdown for alcohol in my state:

the st

Can't fix stupid

[DarkRookie2]

You can try, but most in this care are or choose to be dumb.

You want govt to help?

[140Mandak262Jamuna]

All these years we decired government is the beast. "Starve The Beast! Starve The Beast!!" was the resounding cry. When asked would you take 1 $ increase in taxes for 10 $ cut in spending, we cried "No way! Cut it Cut it Cut it! To the bone!". Some us kept shouting, "If you shrink the government small enough to be drowned in a bath tub, some big corporation will actually drown it". We were shouted down.

Now we got what we wanted. Government small enough to hide in a bathtub when the pandemic rages on. Government has to print trillions of dollars and give them to the very private companies that refused to pay their share of the taxes or shoulder their share of the burden of governing. We have no power to enforce even the basic laws. Even the minimal taxes are being evaded rampantly and flagrantly and government can't get even enforce that.

Now you are urging the White House? Who are you people? Did you speak out when the government was being cut to the bone and beyond? Were silent then? Shut up now.

If you were silent or agreed with The most dangerous words in USA are I am from the government and I am here to help you have no right to complain. You are the reason why Govt can't do anything.

Re:

[CrimsonAvenger]

When asked would you take 1 $ increase in taxes for 10 $ cut in spending, we cried "No way! Cut it Cut it Cut it! To the bone!".

Well, if we could get a $10 cut in spending in exchange for a $1 increase in taxes, I think pretty much everyone would be in favour.

Alas, what we usually get is a $1 increase in taxes, and a $10 increase in spending to make up for it....

Re:

[140Mandak262Jamuna]

It is perfectly ok for you to take that position. But you can't that stand and then demand Government do something about ransomware attacks or cyberthreats.

Re:

[ebyrob]

I could still demand they repeal bad laws like the DMCA that stifle research into cryptography. Oh Snap! Too much government money CAN do really bad things to the world!

Re:

[mysidia]

All these years we decired government is the beast. "Starve The Beast! Starve The Beast!!" was the resounding cry....

Government is still the beast, BUT Enforcement of our Laws to protect the public safety and property owners against evil actors are literally the primary job of government that is supposed to take priority over everything else - If they are spending bucks on secondary things, they'd better be doing their primary job first -- the prominence and existence of ransomware gangs represents an utte

Re:

[140Mandak262Jamuna]

Government will protect the rights of property owners when majority of the people own property. Net worth of 50% of Americans is negative. They have no property worth protecting. Once you impoverish the population to that level there is no way you can have a Democracy that supports property rights. If people are not working it is because they are not getting paid enough. If you pay them enough they will work.

Re:

[DarkOx]

Dude your entire post has FUCK all to do with anything here. One of the few things the starve the beast crowd generally supports the government doing is law enforcement.

Last I checked ransomware gangs are not 'big corporations' in sense you are ranting about.

So here is a wild thought - rather than raise taxes lets divert some of the money we apparently have to pass out to people to not work due to covid and instead use it have the FBI/CIA/Armed Forces go crack skulls of the people running these ransomware a

Re:

[140Mandak262Jamuna]

The starve the beast people's idea of law enforcement is militarized police running an authoritarian regime over "them" to protect the property rights of "us". If "they" dont have anything worth protecting, they are not going to obey the law. It is far easier for them to provide food, shelter and a decent quality of life for FREE than to fund police that will enforce the law the way starve the beast people imagine the society should be run.

Computers are a passing fad

[jfdavis668]

They will go away in a few years.

Re:

[burtosis]

No joke, 640kb of ram was so much more than I’d ever need that 0 is looking pretty good.

LOL!

[Gravis Zero]

As everyone knows, a proper backup systems will thwart a ransomware attack. What all these people are demanding is a justification for not having a proper backup system in place. Alternatively, they are demanding software be perfect while being unwilling to pay for or migrate to perfect software.

Any way you slice it, they are all demanding they not be held accountable for their own negligent management.

Re:LOL!

[jfdavis668]

Only if they do them right. Had a site's system go down, went to restore from backup. They had 6 months of backups, all done wrong. Never tested the restore procedure, so they never noticed. Had to wipe out the system and start over.

Re:

[DarkRookie2]

He did write proper. Proper does include testing.

Re:

[jwhyche]

I have no sympathy for a business that loses data because they didn't have a proper backup system in place. Having a system in place, have it test, and having a working restore procedure is all apart of doing business today. Not having this is just sloppy and lazy.

No sympathy

Re:LOL!

[UnixUnix]

Right. Indeed, sophisticated ransomware won't strike immediately upon penetrating a system; they linger, find out how backups are done and render them unusable. It takes alertness and planning to foil this.

Re:

[DarkOx]

As everyone knows, a proper backup systems will thwart a ransomware attack.

Nope.. many of the gangs have upped the anti, just look at what is happening to the DC Police right not. Its no longer give us money and we might help you unlock your files - its not give us money or else we publish your files. Your backups won't help you there.

You need strong egress and data leak protection controls, or keep the rasomware out in the first place with strong IPS controls, or to keep it from executing with strong host intrusion controls AND user training. Realistically you need to be all o

Re:

[LenKagetsu]

Simplest solution: If releasing the file will put someone's life at risk, don't have it on a system that can connect to the internet.

Re:

[DarkOx]

That might be reasonable.

What about when
a persons identity might be at risk
a persons reputation might be at risk
regulatory rules like HIPPA/FERPA might apply
a trade secret might be at risk
internal market analysis / forecasting data

Where do you draws these lines for information air gaping?

Re:

[EvilSS]

I think they best solution is to just outlaw the internet. If you shut down the internet and you can't leak anything on the internet.

Re:

[cmseagle]

If ransomware does a full Emory [slashdot.org] on your deployment it's going to be very time consuming, and therefore very expensive, to clean up the mess regardless of your backup strategy.

Re:

[ShrimpBoatCaptain]

Backups help with the encrypted data, sure, but backups don't do shit if your data has been stolen before being encrypted. They are diversifying more and more now beyond just encrypting. Recently the DC Police were hit and threats made to leak internal data including that on informants.

Re:

[DarkRookie2]

Racist fucktard

Real simple to fix

[jmccue]

If a company (or Gov org) system is broken into, the Feds tax them 40% of total revenue (budget) for 2 years or until fixed, whichever is longer, no appeals. If your server is on the "Cloud", the Cloud Provider will also be taxed 15% of total revenue for 4 years.

This tax will be put into a fund to protect people whose personal info was stolen. Similar to the "hazardous waste" fund is *suppose* to work, but make this new tax work.

With this, you can be sure these companies will setup servers and desktops t

Only idiots...

[drew_92123]

...pay the ransom.

Smart folks have the means in place to rollback changes to their infrastructure in just a few hours.

Slightly less smart folks need days to restore from backup, but still have no reason to the ransom.

IMO if you're stupid enough to not have good offsite backups, frequent snapshots, or a DR site with snapshots that you can quickly fail over to you should suffer the consequences.

Re:

[cmseagle]

Yeah, did you see the crazy stuff he was spouting off on the campaign trail? It seemed like he didn't even know where he was!

“Look, having nuclear—my uncle was a great professor and scientist and engineer, Dr. John Trump at MIT; good genes, very good genes, OK, very smart, the Wharton School of Finance, very good, very smart —you know, if you’re a conservative Republican, if I were a liberal, if, like, OK, if I ran as a liberal Democrat, they would say I’m one of the smartest people anywhere in the world—it’s true!—but when you’re a conservative Republican they try—oh, do they do a number—that’s why I always start off: Went to Wharton, was a good student, went there, went there, did this, built a fortune—you know I have to give my like credentials all the time, because we’re a little disadvantaged—but you look at the nuclear deal, the thing that really bothers me—it would have been so easy, and it’s not as important as these lives are (nuclear is powerful; my uncle explained that to me many, many years ago, the power and that was 35 years ago; he would explain the power of what’s going to happen and he was right—who would have thought?), but when you look at what’s going on with the four prisoners—now it used to be three, now it’s four—but when it was three and even now, I would have said it’s all in the messenger; fellas, and it is fellas because, you know, they don’t, they haven’t figured that the women are smarter right now than the men, so, you know, it’s gonna take them about another 150 years—but the Persians are great negotiators, the Iranians are great negotiators, so, and they, they just killed, they just killed us.”

The solution being to not use MICROS~1..

[takionya]

Well the first to do is stop putting the Microsoft product on all your computers.

Use the Afghan money

[smooth wombat]

With all the money we're going to be saving* by pulling out of Afghanistan, that money could be used to set up super secret hunter killer teams. They would be tasked with hunting down and eliminating those who perpetrate ransomeware attacks.

* By saving money I mean no longer propping up all those contract companies who live off the taxpayer dole such as the firm formerly known as Blackwater (now XE) or Halliburton or Raytheon.

Do government mandates even work?

[awwshit]

Before we implement more requirements, prove that NIST 800-171 works. Prove that DFARS requirements work. Prove that CMMC requirements work. The bar is already pretty tall to do business with the government. The costs for compliance are high. Its not clear that the processes actually work to prevent problems - I mean the SolarWinds hack bypassed most of those requirements. Let's make sure we are doing something effective and not just 'doing something'.

Step 1

[laughingskeptic]

Step 1 -- Governments publish lists of seized wallets associated with crimes.

Step 2 -- Recursively add contaminated wallets to lists of seized wallets

Step 3 -- Seize wallets of contaminated major exchanges

Exchanges that survive this process, if any, will start to be more careful about who they do business with. Monero, being much more difficult to trace contamination, will become exclusively used by criminals and will be radioactive because of its untraceability at legitimate exchanges.

It is illeg